Problems getting TACACS and SNTP to cork on CSS11500
Hi,
I have a problem with TACACS and SNTP on a pair of CSS11501s and a pair of CSS11503s
I have configured a TACACS server and an SNTP server which are accessable out the management interface. There is a route to these devices out the management interface. They aren't pingable but if I span the management port and sniff it I can see the ICMP requests leaviong th interface if I try to ping any of them. The problem is that the device sends no SNTP packets to the server and it never sends any packets to TACACS server on the management or any of the other ports - it's as if both services are somehow disabled. I did some debugging as per doc 27000 on CCO and I do get the message "SECURITY-7: Security Manager sending error 7 reply to xyz" which the doc suggests is a key mistmatch, but I don't think it can be as the device isn't even trying to connect to the TACACS server on port 49.
Am I missing something obvious?
I've pasted the relevant parts of the config below
Thanks in advance,
Dom
lab-fe-2# show run
!Generated on 11/20/2009 09:40:18
!Active version: sg0820303
configure
!*************************** GLOBAL ***************************
sntp primary-server 10.52.240.1 version 3
sntp secondary-server 10.52.240.2 version 3
virtual authentication primary tacacs
virtual authentication secondary local
tacacs-server key xxxxxxxxxxxxx
tacacs-server 10.52.255.201 49
ip management route 10.52.240.0 255.255.240.0 10.55.2.252
ip route 0.0.0.0 0.0.0.0 10.55.3.254 1
!************************* INTERFACE *************************
interface e1
bridge vlan 2503
phy 100Mbits-FD
interface e2
bridge vlan 2004
phy 100Mbits-FD
interface Ethernet-Mgmt
phy 10Mbits-FD
!************************** CIRCUIT **************************
lab-fe-2# show boot
!************************ BOOT CONFIG ************************
ip address 10.55.2.245
subnet mask 255.255.255.0
primary boot-file sg0820303
primary boot-type boot-via-disk
gateway address 10.55.2.252
lab-fe-2#
lab-fe-2# show tacacs-server
Per-Server Status:
IP/Port State Primary Authen. Author. Account
10.52.255.201:49 Dead No 0 0 0
Totals: 0 0 0
Per-Server Configuration:
IP/Port Key Server Timeout Server Frequency
10.52.255.201:49 Not Configured None None
Global Configuration Parameters:
Global Timeout: 5
Global KAL Frequency: 5
Global Key: Configured
Authorize Config Commands: No
Authorize Non-Config Commands: No
Account Config Commands: No
Account Non-Config Commands: No
Send Full Command: Yes
end of buffer.
lab-fe-2#
lab-fe-2#
lab-fe-2#
lab-fe-2#
I have got to the bottom of this, It looks like the CSS cannot authenticate users using a TACACS server
over the management interface unless the TACACS server is located on the same subnet as the management interface;
The Ethernet management port provides a connection to the CSS that allows you to perform CSS management functions. The Ethernet management port supports management functions such as secure remote login through SSH, remote login through Telnet, file transfer through active FTP, SNMP queries, HTTPS access to the Device Management user interface, SNTP, DNS, ICMP redirects, RADIUS, syslog, CDP, TACACs, and CSS configuration changes through XML.
Note When using static routes for managing the CSS from subnets beyond the management LAN, the Ethernet management port supports the management applications listed above, except CDP, DNS, SNTP, and TACACs. For more information on static routes, see the "Configuring Static Routes for the Ethernet Management Port" section.
I'm going to have to configure NAT on the Management port's gateway device so the CSS thinks the TACACS server is on the same subnet.
The confusing thing about this is that this is documented up to version 7.40, but it's not mentioned in the documentation for 7.5, 8.1 or 8.2 and neither is it mentioned that it is supported in the release notes of any of those versions.
Cheers, Dom
Similar Messages
-
Problem getting calls and time stamp of calls
I'm just about to toss my iphone out the window!
I am having the same problems as others recieving calls when in sleep mode.
I can sometimes get them, but mostly 'miss' them.
THEN...to make matters worse, any time stamp on the calls I've 'missed' is the time I unlock my phone to view them, not when they actually come in.
Tonight I received 3 voice mails. 2 from this morning, one from yesterday.
I don't get it....anyone have any suggestions?Okay...thanks. I think the resetting took care of the time stamp problem.
As for the non-ringing, I may have solved that too.
I had wi-fi turned off. I did't think I needed to have it on as I was fine with AT&T. But with only At&T I was constantly seeing that little Edge symbol.
Once I turned on the wi-fi, the E went away and so far all of my test calls went through.
Well, only time will tell.
Other than that, i love my phone! -
Problems getting programs and settings back to where they were before A/I
I had to do an archive and install because the OS X 10.4.9 update messed up my system. I am now back on my MAC with v.10.4.8. The problem now is that some of my applications are acting weird. They aren't loading up the settings they should be. I tried copying the Library folder onto my MAC HD root directory and tried to replace the new one that was there and it didn't let me do it because it errored. First it said you will need to type in your administrator password in order to replace the Library folder then, right after, it said an unexpected error occurred? How do I go about getting these settings and these programs functioning again. Guitar Rig and EZdrummer won't load up when I start logic it says they can't be found or something, and I tried replaced just the Audio folder in the Library folder and it wound up not working right and now that folder is empty. I still have all the archived files in the Previous Systems folder in the root directory on my MAC HD. Can anyone help me?
Hi,
Check the link below and use Microsoft Fix it:
Diagnose and fix sound playback and audio problems automatically
** Say thanks by clicking the "Thumb up" icon which is on the left. **
** Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue. ** -
Problem getting FDS and CF to communicate
This has been an on going problem for almost a month now. As
i gave up before, the more i learn about what FDS can do for me the
more i want to use it. However it is just becoming the biggest pain
to get it to talk with CF. I have read through the forums,
walkthroughs and anything else i can get my hands on and still cant
get it to work.
The primary problem im encountering is:
"Error invoking fill-method 'fill' for destination
cfcontact-default: Permission denied."
Coldfusion Config:
Flex Integration: Flash Remoting enabled, Flex Data
Management enabled, 192.168.1.150 allowed.
All CFCs are located in
wwwroot/contact_sample/samples/contact
Mapping /samples ->
C:\CFusionMX7\wwwroot\contact_sample\samples\
http://192.168.1.150:8500/contact_sample/samples/contact/testContactAssembler.cfm
returns 8 records
Flex Config:
Copied the coldfusion-dao adapter and the entire
cfcontact-default destination from
fds2\resources\config\data-management-config.xml
to
fds2\jrun4\servers\default\samples\web-inf\flex\data-management-config.xml
AND
Copied the cf-dataservice-rtmp, cf-polling-amf channel
definitions and the DataService.coldfusion pattern from
fds2\resources\config\services-config.xml
to
fds2\jrun4\servers\default\samples\web-inf\flex\services-config.xml
I did nothing else, no changing {server.name} or uncommenting
<hostname>.
My application files are installed at:
C:\fds2\jrun4\servers\default\samples\contact_sample\dataservice\contact
And i run the application from:
http://192.168.1.150:8700/samples/contact_sample/dataservice/contact/contactmgr.mxml
I did not change the directory structure or edit any of the
files within the contact_sample zip file.
NOTE: both data-management-config.xml and contactmgr.mxml
both reflect cfcontact-default
I have gone through these files over and over and over,
messed with other things, reinstalled, everything! I dont know what
else to do. Help is greatly appreciated!!!Thanks for your response!
I have tried two different ways to go about this, using
localhost and defining an IP. Neither work.
NOT DEFINING THE IP
- In data-management-config.xml i left the hostname
commented, since default is localhost.
- In CF Admin Flex Integration i removed my IP address and
saved it.
- Then loaded:
http://localhost:8700/samples/contact_sample/dataservice/contact/contactmgr.mxml
DEFINING THE IP
- Uncommented <hostname> and added 192.168.1.150 in
data-management-config.xml
- Added 192.168.1.150 to CF Admin Flex Integration
- Then ran
http://192.168.1.150:8700/samples/contact_sample/dataservice/contact/contactmgr.mxml
Both instances return the permission denied while invoking
fill-method for cfcontact-default error.
I have noticed that when Flex Server reloads there is an
error stating "Requested resource
'samples/messagebroker/cfamfpolling'
(%2fsamples%2fmessagebroker%2fcfamfpolling) not found"
I have not specified Port Numbers in any of these
configurations. Flex is on 8700 and Web Server on 8500. Also note
that services-config.xml does not list any IP's or Port's unless
the Port number was specified in the 'samples' xml file.
Other ideas? -
When I go to certain web sites, I cannot get some of their links or buttons to work. For example, I cannot "vote" and see results on MSN's homepage or sign in to my account on Ancestry.com's homepage. Some links work, but others do not. They do not work in IE either. I have tried all of the suggestions concerning plug-ins and extensions that Mozilla Support gives. I run Windows 8.1, have Java up to date as well as JavaScript. I have tried everything to figure out what is going on. Any help would be much appreciated!
Ronmissy2008, this is Davec. I'm sorry to hear about you not being able to access certain links nor use the buttons to vote on issues or articles read.'''''' First of all, I would call your Internet Service Provider and have them check your router''''''. There is a possibility that it may need a firmware update, since you have upgraded to Windows 8.1. '''''Firmware''' is embedded software that implements network and security protocols for that specific model of hardware device.'' Most wired and wireless routers are designed to perform a firmware upgrade process. The manufacturer will be able to provide enhancements to your router. When I first got AT&T U-verse, my router upgraded its firmware which took about a few minutes to perform. Click on the link for more information about firmware upgrades:
(http://compnetworking.about.com/od/wifihomenetworking/qt/firmwareupgrade.htm)
If your Service provider is done with the router's firmware upgrade, then try updating your Windows 8.1 software.
1.) '''Open Windows Update by swiping in from the right edge of the screen '''(or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), '''tapping or clicking Settings''',''' tapping or clicking Change PC settings, and then tapping or clicking Update and recovery'''.
2.) Tap or click Choose how updates get installed.
3.) Under Important updates, choose the option that you want.
4.) Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box, and then click Apply.
(http://windows.microsoft.com/en-us/windows-8/windows-update-faq)
This is all I could think of for right now. Definitely call your Internet Service Provider and let them know you have upgraded to Windows 8.1 and that your router needs to be checked. Also, have them upgrade the firmware if needed. Then run Windows update. I'm going to perform more research into this matter. Let me know what results you receive after performing the firmware upgrade and the windows update. -
Hi,
Today i installed Microsoft Office 2016 preview for my Mac OS X 10.10 Yosemite. Word, Excel and Powerpoint applications are working without any problem. However, Outlook getting crashed and throws an alert message as "microsoft outlook has encountered a problem and needs to close.", it's happens always, when i launch outlook. please suggest me, how can i comet from this issue.
Thanks in advance,
Suresh Balakrishnan.Go to the Microsoft site for help. These forums are not offering support for MS products, especially not for beta products.
-
I recently had to swap out my iphone 4s and I am having problems restoring photos and videos from icloud. When I restored my phone from icloud, half of my pics and videos have been deleted, the pics that were restored on my phone are very blurry, and the videos won't play. I get a message on my phone that says " the URL you are requesting is not found on this server". I have erased and reset my phone twice, but every time I do it, more pics and videos are deleted. I have backed up to icloud and iphoto, however, some of the pics are no longer on iphoto either. Is there someway to get the videos to play on my phone again? Make the photos not as blurry as they are now and to restore the pics and videos that have been lost? I really would love to have them back, this phone is supposed to be the best and right now it doesn't seem to be. Please help if you can.
I too have noticed that once i restored from iCloud. Pictures blurry and videos wont play!
Need help too!! -
Haven't been able to use pages for a while. Keep getting following message. Have tried reinstalling iWork, but no luck. Same problems with Keynote and Numbers/
Have you moved Pages from its installed location? Or just dragged a copy to your current system?
It can't find some of its resources apparently.
Peter -
please help - installed IOS7 and now I am having problems playing Words Free on my Iphone. It gives me a pop up telling me to connect to ITunes but will not connect. Cannot get out and have to continually shut down my phone and start over.
Hi, jeantwin.
Thank you for visiting Apple Support Communities.
The steps in the article below may help you resolve the issue with push notifications.
iPad and iPod touch: Unable to use YouTube or Push notifications
http://support.apple.com/kb/ts3305
If the issue persists, try signing out of your Apple ID and then sign back in.
iOS: Changing the signed-in iTunes Store Apple ID account
http://support.apple.com/kb/HT1311
Cheers,
Jason H. -
Question
When trying to create a desktop icon, it does not go to the URL.....instead I get 'script' and not a website......the script has http//etc but I am not directed to the website......I previously had IE 8 (on Vista).....is that the problem?I do not have any installed plugins....at least none that I know of.....remember I am a new user......Basically, the desktop icon is not going directly to the Mozilla FF to get me to the web site I need to go to.....FF works when I use the Mozilla FF icon.....just not the icons I create.....THANKS!!! I have also tried reinstalling FF and get the same results.....HELP!!!The address beginning with file:/// denotes a saved file (local file). The file may not be present. You can try dragging the site icon of this page on the left edge of the location (Address) bar and release it on the desktop. Please try opening it. If it still shows an error it could be a problem with the system's zone permissions. You can try setting each zone in the Windows Control Panel or IE > '''Internet Options''' > '''Security''' tab to '''Default Level'''.
-
I have a issue with my mac book pro. For some reason it won't stay powered on. I can't get past the apple loading logo. The battery is fully charged so it is not the problem. Can anyone tell me what the problem may be and how can i get it resolved?
The battery is fully charged so it is not the problem.
What happens when you use the MagSafe? -
I have a problem with my iphone 4. My 3G always stays activated but I lose my network signal. The bars all get lost and I'm not able to receive / send sms, mms or phone calls. Could you guys please help me fix this problem? Ios 5.1.1
I haven't gotten a new sim card because the problem has been presenting itself in various cards not only mine. So far, all I've done is reset my network settings.
Last night, I turned off the 3G tab and it had all the signal bars. Today, I did the network reset and it's working apparently. But like I said before, previously the bars just disappear and the iphone only has the 3G activated. -
I turn it off and it will wait anywhere from a few seconds to a few hours and turn itself back on. You can see how that can get annoying and I can't seem to solve the problem.
There's a slight chance this might help:
Intel-based Macs: Resetting the System Management Controller (SMC)
Otherwise it needs to be repaired. -
After I've upgraded my iPhone iOS to 5.0.1, I got problems with connectivity. If my iPhone lose network, then it gets frozzen and I cannot make calls. After restart the telephone still does not work.
1. Download the iOS 5.0.1: http://www.tobias-hartmann.net/2011/11/download-ios-5-0-1-veroffentlicht-direkte -downloadlinks/
2. open itunes,Click in iTunes while holding down the Shift key (on Windows) or Alt key (Mac) to restore and firmware -
I am having problems with my outlook 2011. While i am able to check and SEND email on all my other devices ( Ipad, iphone, Macbook), I am unablesend any email with my iMac ( i can recieve email) . This problem started suddenly and the error message i get is error 5.7.8. I have read the threads on line and went into settings, even created a new profile, nothing helps...Please advice..is this something to do with my keychain Access?
As Outlook is not an Apple product, you will find more helpers familiar with Outlook here:
Office for Mac forums
Maybe you are looking for
-
Mark confirmation warning as error at plant level
Hi, Its a business requirement that when carrying out confirmation of production orders, over and underdelivery tolerance as specified in material master should be enforced. This can be done using transaction OPK4, selecting the plant and order type
-
Will not load games on Facebook i.e. frontierville, have updated Flashplayer
When I go into Facebook and try and load my games, message comes up "if it doesn't load within 10 seconds update Flashplayer" which I have done and still will not load
-
How do I specify photo paper for printing?
In a much earlier version and old computer I had all kinds of options of paper choice ( glossy, mat, presentation). How do I specify paper now?
-
Help,just entered registration code for quicktime pro,help needed
Help,just entered registration code for quicktime pro,help needed,cant seem to see the quicktime pro screen i saw on internet with all the edit and extra things at the top,i dont understand this,any help,Dave
-
GI and GR FI Entries Generated from the background Differ
Dear Experts, I have tried searching answers from the net regarding my concern but found no luck. The scenario is the FI entries generated during PGR differs from the FI entries generated during PGI. The business is using moving average price (MAP)